LibWeb: Do not use JS::Handle for mutation observers

Using JS::Handle in WebEngineCustomData means that mutation observers will live as long as VM while actually they should be deallocated as soon as they are no longer used in a script that created them.
Author: https://github.com/kalenikaliaksandr Commit: https://github.com/SerenityOS/serenity/commit/15629e8925 Pull-request: https://github.com/SerenityOS/serenity/pull/21242
2023-09-27 14:58:14 +02:00 · 2023-09-27 14:58:14 +02:00 · 15629e8925 · 2024-07-17 10:16:43 +09:00
commit 15629e8925
parent e7a3040c9f
2 changed files with 8 additions and 2 deletions
--- a/Userland/Libraries/LibWeb/Bindings/MainThreadVM.h
+++ b/Userland/Libraries/LibWeb/Bindings/MainThreadVM.h
@ -49,7 +49,7 @@ struct WebEngineCustomData final : public JS::VM::CustomData {

    // https://dom.spec.whatwg.org/#mutation-observer-list
    // FIXME: This should be a set.
-    Vector<JS::Handle<DOM::MutationObserver>> mutation_observers;
+    Vector<JS::NonnullGCPtr<DOM::MutationObserver>> mutation_observers;

    JS::Handle<JS::Realm> internal_realm;

--- a/Userland/Libraries/LibWeb/DOM/MutationObserver.cpp
+++ b/Userland/Libraries/LibWeb/DOM/MutationObserver.cpp
@ -29,7 +29,13 @@ MutationObserver::MutationObserver(JS::Realm& realm, JS::GCPtr<WebIDL::CallbackT
    agent_custom_data->mutation_observers.append(*this);
 }

-MutationObserver::~MutationObserver() = default;
+MutationObserver::~MutationObserver()
+{
+    auto* agent_custom_data = verify_cast<Bindings::WebEngineCustomData>(vm().custom_data());
+    agent_custom_data->mutation_observers.remove_all_matching([this](auto& observer) {
+        return observer.ptr() == this;
+    });
+}

 void MutationObserver::initialize(JS::Realm& realm)
 {